Active cPanel/WHM zero-day exploit prompts rapid patch after PoC release

April 30, 2026 at 04:16 PM

•

1 min read

Active cPanel/WHM zero-day exploit prompts rapid patch after PoC release — Photo: BleepingComputer

TL;DR Summary

A critical authentication-bypass vulnerability CVE-2026-41940 in cPanel/WHM and WP Squared is being actively exploited in the wild; recent technical details and a PoC show CRLF injection in login/session handling that can grant control without a password. cPanel issued a patch on April 28, while mitigations include restarting cpsrvd, blocking ports 2083/2087/2095/2096 if patching isn’t immediate, and using provided detection scripts to verify compromise.

Topics:technology #cpanel #cve-2026-41940 #exploitation #security #whm #zero-day

Share this article

Critical cPanel and WHM bug exploited as a zero-day, PoC now available BleepingComputer
The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) watchTowr Labs
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately The Hacker News
Critical cPanel, WHM flaw probs exploited as 0-day, pros say theregister.com
cPanel Vulnerability Exposes Servers to Takeover eSecurity Planet

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

93%

852 → 63 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights